2013 CHECK POINT ANNUAL SECURITY REPORT
02
THREATS TO YOUR
ORGANIZAT ION
BLACKHOLE
AN EXPLOI T KI T FOR THE MASSES
Part of the massive increase in malicious activity in the
last year can be attributed to hackers using pre-made
attack tools and packages. With one click, anyone can
download a full-fledged, highly sophisticated attack
suite. One such suite is the BlackHole exploit kit.
BlackHole is awidely-used, web-based software package
which includes a collection of tools that leverage web
browser security gaps. It enables the downloading of
viruses, bots, trojans and other forms of malicious
software onto the computers of unsuspecting victims.
Prices for such kits range from $50 for a single day’s
usage, up to $1,500 for a full year
9
.
funded, highly-motivated and extremely goal-oriented.
Cybercriminals seem to dedicate a considerable amount of
time and resources to gather intelligence. Their villainous
activities cause severe damages for organizations such as
loss of confidential data, business interruptions, reputation
damages and financial losses. The most sophisticated and
long-term attacks work towards a specific pre-determined
goal. These are referred to as Advanced Persistent Threats
(APT). APTs are unlikely to be detected by traditional
security systems, placing governments, enterprises, small
businesses and even personal networks at risk.
Breaking News:
A New Cyberattack is Exposed
In 2012, cyberattacks continued to proliferate and
routinely dominated headlines. Malicious software threats,
attacks and botnets made the front page news almost daily,
displaying hackers’ success in stealing data, paralyzing
operations and spying on corporations and governments.
The following represent a fraction of cyberattack events
that occurred in 2012: hackers attacked the White House’s
network
6
, hactivist group Anonymous brought down
U.S. Telecom Association and TechAmerica’s websites
7
,
cyberattacks hit Capital One Financial Corp., BB&T
Corp., HSBC Bank USA
8
, and many others.
Advanced Persistent Threats
Cybercriminals are no longer loose groups of amateurs.
In many cases, cybercriminals belong to well-structured
organizations that resemble terrorist cells. They are well-
“THERE ARE ONLY TWO TYPES
OF COMPANIES, THOSE THAT
HAVE BEEN HACKED AND THOSE
THAT WILL BE.”
Robert Mueller, Director, FBI, March, 2012
5
